If you have a GSC account, that is the place to find out how your site is doing in Google's indexes. The site: operator is not an accurate measure, useful only for limited data.

As for how it happens, people scrape content and use it to confuse the serps, trying to gain advantages for things like authority, trying to appear to be related to better, established sites. Google clears those kinds of links out of the serps automatically, though the records may seem to remain for a time. You do not need to take any action, unless you want to try to limit the scraping.

We have a forum here that only discusses the unwanted bots and UAs and server farms that are involved, to learn more about who/where/what: [webmasterworld.com...]

Another recent discussion of the site: operator might be helpful: [webmasterworld.com...]

A few years ago one of our sites was hacked and unwanted pages added to create backlinks to someone else's product.Those pages were removed within a couple of days. It is now many years later but I still see 404s logged for those pages.

If you have Google Search console account check there is no unwanted users. A few years back there was major Drupal exploit and one of my sites was compromised within hours of it being known. It was actually pretty clever what they did. The exploit allowed them to upload files to the server one of which was a .html site verification file for Google Console. They used the search console access to setup a link to a sitemap. The sitemap file just created links to another script which was bitcoin mining script. They were using Google as cron job! LOL

Thank you very much for the answers. So, this means it's nothing to worry about? Because, as I mentioned above, Bing has completely removed the site from its index, but that doesn't concern me too much since I wasn't getting any traffic from there anyway.

I'd be very much worried about it, find the source of the issue.

I saw that Google has indexed hundreds of links and posts that have not been created and do not exist on my site.

As one example if the server is compromised. The can be checking the UA and serving content to SE's and default to 404 for anonymous user. I had a client where a tricky exploit was upstream of anything they had access too. I only discovered it because I was using browsershot.org and it was producing error. Checking other sites on same IP showed same issue.

Start by checking your scripts. If for example you have software installed download copy of the version you are using. You can use a tool like Winmerge to compare your files to stock files.

The bogus links are on someone else's site. The source is not under Poshnjari's control.

Do not be concerned if you did not cause or host the baloney.

The bogus links are on someone else's site. The source is not under Poshnjari's control.

Not sure that this is the case, the pages were displayed in site: search on google, thus those page currently exist or have existed in the past. Unless I've misread these are not "links", but blue links that point to pages that the op did not create. I fear it is likely as @thecoalman suggests that they are being hidden. In chrome you can change the UA that the browser uses. Find the UA for Googlebot and then go to those links and my guess is that the pages will magically appear. Be worried.

Can you give me a little more explanation about this, please?

To override the user agent:
[developer.chrome.com...]

User agents:
[developers.google.com...]

@NickMNS I tried that too, the page gives a 404 error.

Your site might have sustained a hack or set out on a mischief-making spree, targeting it through negative SEO. Do look for unauthorized changes across the board, particularly in the .htaccess, sitemap, and database. Compare what Google sees with what users see to check for possible cloaking.

Fix any issues and thereafter submit a reconsideration in Bing Webmaster Tools. It's important that you secure the website as soon as possible!